A fired Fannie Mae computer engineer allegedly placed a virus in the mortgage giant’s software that could have shut the company down for at least a week and caused millions of dollars in damage, according to reports.

Ellen Messmer, Network World
January 29, 2009

Share

Twitter

Facebook

LinkedIn

Google Plus

A computer-engineering employee fired from troubled mortgage giant Fannie Mae is accused of preparing a malware computer time bomb which had it not been detected, might have destroyed millions of files, according to reports.

Rajendrasinh Makwana, the computer contract employee in question, was indicted earlier this week on computer intrusion charges, according to the "DC Examiner" report citing court documents.

Makwana was let go from his contract position at Fannie Mae's Urbana, datacentre on 24 Oct., 2008, after he had "erroneously created a computer script that changed the settings on the Unix servers without the proper authority of his supervisor," read a complaint sworn by FBI Special Agent Jessica Nye earlier this month. Makwana had created that settings-changing script on 10 Oct. or 11 Oct., as much as two weeks before he was fired, Nye said.

Although Nye's affidavit said Makwana was employed by OmniTech Systems, the company late Thursday disputed that, saying Makwana had not been in their employ at any time, but was instead a "pass-through" contractor paid by another company. On Friday, FBI spokesman Rich Wolf confirmed OmniTech's claim. "They were an innocent party here," said Wolf.

Court documents include a statement from FBI agent Jessica Nye that the malicious script, had it gone off, would have "reduced if not shut down operations" at Fannie Mae for at least a week. "The total damage would include cleaning out and restoring of 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased."

It was apparently by chance that a Fannie Mae computer engineer discovered the virus on 29 Oct., and the incident was linked to Makwana., who is said to be out on $100,000 bail.

"Let's remember this guy hasn't yet been found guilty," commented Sophos senior technical consultant Graham Cluley, who has written a blog about the Fannie Mae incident . "But imagine if this had happened. People's confidence is already shaken in financial institutions. Confidence would go from low to beneath the gutter. In this time of economic crisis, firms will be letting people go. And they're not going to like it."

The disgruntled employee is a real issue, and firms need to be thinking carefully about security issues, such as changing passwords and access control, in situations of layoffs, Cluley noted.